Test anonymous and RBAC handling via config file

This commit is contained in:
Jordan Liggitt
2023-11-08 11:24:55 -06:00
parent 264cd64824
commit b53134f129

View File

@@ -17,6 +17,7 @@ limitations under the License.
package auth
import (
"bytes"
"context"
"encoding/json"
"fmt"
@@ -34,6 +35,7 @@ import (
"k8s.io/apiserver/pkg/features"
utilfeature "k8s.io/apiserver/pkg/util/feature"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
featuregatetesting "k8s.io/component-base/featuregate/testing"
kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing"
"k8s.io/kubernetes/test/integration/authutil"
@@ -63,6 +65,16 @@ authorizers:
)
t.Cleanup(server.TearDownFn)
// Make sure anonymous requests work
anonymousClient := clientset.NewForConfigOrDie(rest.AnonymousClientConfig(server.ClientConfig))
healthzResult, err := anonymousClient.DiscoveryClient.RESTClient().Get().AbsPath("/healthz").Do(context.TODO()).Raw()
if !bytes.Equal(healthzResult, []byte(`ok`)) {
t.Fatalf("expected 'ok', got %s", string(healthzResult))
}
if err != nil {
t.Fatal(err)
}
adminClient := clientset.NewForConfigOrDie(server.ClientConfig)
sar := &authorizationv1.SubjectAccessReview{Spec: authorizationv1.SubjectAccessReviewSpec{